CVE-2024-12510: LDAP Authentication Server Pass-back attack

6.7 CVSS

Description

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

Classification

CVE ID: CVE-2024-12510

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Affected Products

Vendor: Xerox

Product: VersaLink B400

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.83% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-04 (date this score was calculated)

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

Timeline